1. Field of the Invention
The present invention relates generally to computer systems, and more particularly but not exclusively to computer security.
2. Description of the Background Art
Various components of a computer network generate event information indicative of a computer security threat or of security posture. Sources of event information may include operating systems, databases, network security devices, networking devices, endpoint security software, and various applications. Security information and event management (SIEM) techniques may be used to gather event information into an event log, correlate the event information, perform notifications, allow for interactive event management functions (e.g., queries, drilldown, diagnostics), and generate event reports. Event reports allow administrators to evaluate their networks for existing or emerging security threats, and to manage network security in general. Unfortunately, because of the huge volume of event information and the many possible ways of presenting it, event reports are not only relatively complex to generate but also difficult to mine efficiently for critical information.